mirror of
https://github.com/rkd77/elinks.git
synced 2024-12-04 14:46:47 -05:00
Use the proxied URI to verify server certificates
Otherwise, the verification fails when using a HTTPS proxy because ELinks checks whether the proxy matches the certificate. Signed-off-by: Fabienne Ducroquet <fabiduc@gmail.com>
This commit is contained in:
parent
4efea7e314
commit
73b09749ac
@ -156,7 +156,7 @@ verify_certificates(struct socket *socket)
|
||||
* only contain ASCII characters. Internationalized domain
|
||||
* names must thus be in Punycode form. Because GnuTLS 2.8.6
|
||||
* does not itself support IDN, ELinks must convert. */
|
||||
hostname = get_uri_string(conn->uri, URI_HOST | URI_IDN);
|
||||
hostname = get_uri_string(conn->proxied_uri, URI_HOST | URI_IDN);
|
||||
if (!hostname) return -6;
|
||||
|
||||
ret = !gnutls_x509_crt_check_hostname(cert, hostname);
|
||||
@ -313,7 +313,7 @@ verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
|
||||
socket = SSL_get_ex_data(ssl, socket_SSL_ex_data_idx);
|
||||
conn = socket->conn;
|
||||
host_in_uri = get_uri_string(conn->uri, URI_HOST | URI_IDN);
|
||||
host_in_uri = get_uri_string(conn->proxied_uri, URI_HOST | URI_IDN);
|
||||
if (!host_in_uri)
|
||||
return 0;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user